AppGuard 4.x 32/64 Bit - Releases

Discussion in 'other anti-malware software' started by Jryder54, Oct 29, 2013.

Thread Status:
Not open for further replies.
  1. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    Good idea, but we don't want to delay the upcoming release. I'll add it to our candidate enhancements for 5.0.
     
  2. Barb_C

    Barb_C Developer

    Joined:
    Jan 7, 2011
    Posts:
    1,234
    Location:
    Virginia
    No it won't work. We actually have different executables and drivers for 32 bit vs. 64 bit. They are all included in the Product Install Package which detects the OS type and installs the appropriate files.
     
  3. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Hopefully those that were offering to test the 32bit on a 64bit machine will see your post. Thank you for the info!
     
  4. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    Feedback so far

    So far, after making the necessary adjustment between AppGuard and Sandboxie to make sure that there is no conflict, Sandboxie seems NOT to be working correctly from time to time. Deleting the files, etc.

    This has been over a 2-day period of time. You have to let AppGuard down to (install mode) for it to work correctly 100% of the time.

    On one of my PCs that does not have AppGuard installed, this does not happen.

    Moose's World
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Moose world

    Something isn't set correctly on your PC. I run Sandboxie with Appguard in Lockdown all the time.

    Pete
     
  6. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Question. My stepdad got a virus alert yesterday from Avast!. Today he has a new .docx file on his desktop he has no idea about. Virustotal had 0 hits on it, but had also never scanned that particular file before.

    Interested, I took it to my computer via USB, set AppGuard to Lockdown, and ran it. It opened in WPS Writer. The contents appear somewhat junk, but the person who wrote it may just be abbreviating in it. However, I checked my AppGuard alerts log, and had this entry:

    02/11/15 20:28:42 Prevented process <Google Chrome> from writing to <c:\windows\cryptoguard\2cb0c24d>.

    Is that something normal, or was this cryptomalware that was blocked?

    Also, I uploaded the file to ThreatExpert and am awaiting a response.

    EDIT: Apparently I get that same log every time I open Chrome, but not sure why it happened when WPS opened. Is that behavior still normal? Should Chrome be trying to access the CryptoGuard folder?
     
    Last edited: Feb 11, 2015
  7. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I have the CryptoGuard folder in the Windows folder except it is empty. I'm using Windows 7X64 Ultimate. It says 2/11/15 @ 8:18 was the last time it was modified. Maybe it came with a recent Windows update, or maybe it belongs to HMPA. Does your stepdad have Hitman Pro Alert on his computer?
     
  8. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just checked again, and CryptoGuard folder in Windows was created about 3 minutes after I installed the latest HMPA RC. I enabled CryptoGuard in HMPA about 3 minutes after installing HMPA. It came disabled by default this time. I think the folder probably belongs to HMPA. I'm not sure why your stepdad got a file on his desktop like that though even if he has HMPA installed.
     
  9. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    You misread my post. I moved the file to my computer and opened it in WPS Writer to see if it was malicious.
     
  10. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
  11. Moose World

    Moose World Registered Member

    Joined:
    Dec 19, 2013
    Posts:
    905
    Location:
    U.S. Citizen
    Salutations,

    Rechecked the setting! Everything is correct! And updated Sandboxie! @ Peter2150
    Let's see what happens today.


    Hopefully this will help with improvement of AppGuard. Look over, please! 3/4 down the page
    http://malwaretips.com/threads/ctb-locker-ransomware-2015-02-01-update5.41633/

    Look over their different red square boxes. For example, trojan/rootkit, ransomware,
    malwarepack to see if AppGuard is blocking them?

    Moose's World
     
  12. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    I just noticed that applications that I made power apps from Program Files (x86) folders show the incorrect path in the AG UI. They show Program Files folders. This has probably been the case all along. I can't believe I'm just now noticing this.
     
  13. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,819
    Location:
    .
    I had noticed that before, several weeks ago; the path is shown as Program Files instead of Program Files (x86). I really don't know if this poses a real problem. BTW I noticed there's a limit for applications to add, no?
     
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    It doesn't pose any problem that I'm aware of. It still enforces the power app policy for the application. I may have noticed this in the past, and forgot about it. There is a limit on the number of power apps, but I don't remember what it is offhand.
     
  15. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The limit on the number of power apps was increased from 8 in v3 to 16 in v4.
     
  16. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I myself have not made any programs as Power applications.
    And I am a little bit curious what you other users have made as ones?
     
  17. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    Me personally - none.
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I've made one or two for special situations. Just wasn't worth fighting the way they worked.
     
  19. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Nod32 Av and Malwarebytes AM, using locked down mode.
     
  20. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,819
    Location:
    .
    I work with ADK tools for AIO creations (Windows and Office products) and/or servicing wim image files with lots of indexes, so I need to add dism, imagex, etc. to power applications, otherwise I need to put the shields down :)
    Besides, I need to add Rufus, Computehash and several other utilities that exceed the limit imposed.
     
    Last edited: Feb 13, 2015
  21. meatouph

    meatouph Guest

    No problem, take your time.

    I think it is. However, it is hard to test and in most cases may not be noticeable.
    ClearEvenLog.bat is one of the ways to show it when run from user space, because it needs access to system space all the time. The batch script is exactly like this http://pastebin.com/pKCLx680 and, as the name says, it clears all event logs. Some of them can't be deleted because they are in use all the time - an error is returned. On Windows 7 it checks if administrator rights have been used and it terminates if not. On Windows 10 it shows "Access denied" if admin rights have not been used.
    I have ClearEvenLog.bat in the "D:\Różne\" path. This folder is in user space and it has not been added to any exclusions etc.

    http://iv.pl/images/00629215911435227717.jpg
    http://iv.pl/images/00297092087644518970.jpg

    The first one was taken exactly when I clicked (ticked the box) to restore the previous protection level. The second one when I unticked the box.

    "Odmowa dostepu" - Access denied.
     
    Last edited by a moderator: Feb 13, 2015
  22. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,470
    Location:
    Hollow Earth - Telos
    I turned AG off for a while to get a break from all the events in Event Viewer. My computer seems to be a lot quicker now. I might leave it off for good now. All it did was give me a job to do in event viewer in order to clear out the logs.
     
  23. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    5,694
    Location:
    USA
    Why do you feel you need to clear out the logs? AG will always have a lot of blocked events in the event viewer on most users' machines. In most cases it is just blocking potentially harmful behavior. If it is not causing you any problems you can ignore the blocked events in the event viewer. Is it causing any problems you know of? I have never experienced any noticeable performance hit with AG. If it is slowing your machine down then maybe you are having an application conflict. You could post your event log here if you would like so others can see if anything is being blocked that could potentially cause problems.
     
  24. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If there are events that are repeating, just set them to ignore.
     
  25. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    I agree with Cutting_Edgetech and Peter2150. That said, if you want to substantially reduce the amount of event logging that AppGuard does, uncheck all of the Event Log checkboxes in the Alerts tab.

    Also, if you are using CCleaner, you can set CCleaner to clear Windows Event Logs automatically when it runs.
     